package com.jx.mlxg.config;

import com.jx.mlxg.filter.JwtAuthenticationFilter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration

public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .sessionManagement(sess -> sess.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .authorizeHttpRequests(authz -> authz
<<<<<<< HEAD
                        .requestMatchers("/", "/wxApi/**","/user/login","/order/getOrderParams"/*, "/auth/error","/materialrequest/**","/order/**","/approval11/**"*/).permitAll()
=======
                        .requestMatchers("/", "/login/**", "/error"/*,"/materialrequest/**"*/).permitAll()
>>>>>>> eb72a42842a7e02f996c4f2d21dc4051aa14ecf1
                        .anyRequest().authenticated()
                )
                .addFilterBefore(jwtAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    @Bean
    public JwtAuthenticationFilter jwtAuthenticationFilter() {
        return new JwtAuthenticationFilter();
    }
}
